Privacy Policy
Last updated: November 26, 2025
At Neureus, we take your privacy seriously. This policy explains how we collect, use, and protect your data when you use our AI platform.
Our Privacy Principles
We built Neureus with privacy as a core design principle, not an afterthought.
Data Minimization
We only collect data necessary to provide our services. No unnecessary tracking or profiling.
Security First
All data encrypted at rest and in transit. SOC 2 Type II compliance in progress.
Transparency
Clear documentation of what data we collect, how we use it, and your rights.
Your Control
Delete your data anytime. Export your data on request. No vendor lock-in.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address (for authentication and communication)
- Name (optional, for personalization)
- Company name (optional, for business accounts)
- API keys and credentials (encrypted, for platform access)
Usage Data
To provide and improve our services, we automatically collect:
- API request metadata (timestamp, endpoint, response time)
- Usage metrics (tokens used, models accessed, features utilized)
- Performance data (latency, error rates, throughput)
- IP address and user agent (for security and abuse prevention)
Content You Provide
When using our AI platform:
- Documents uploaded to AutoRAG (processed and vectorized)
- AI prompts and responses (logged for billing and debugging)
- Workflow configurations (stored for your convenience)
- Custom integrations and settings (stored in your account)
2. How We Use Your Information
We use collected data exclusively for:
- Service Delivery: Processing your AI requests, managing your account
- Billing: Calculating usage-based charges, generating invoices
- Security: Detecting abuse, preventing fraud, protecting our infrastructure
- Improvement: Analyzing performance, identifying bugs, optimizing features
- Communication: Sending service updates, security alerts, billing notices
We DO NOT:
- Sell your data to third parties
- Use your content to train AI models (unless explicitly opted in)
- Share your data for advertising purposes
- Retain your data longer than necessary
3. Data Storage and Security
Infrastructure
All data is stored on Cloudflare's global network:
- Database: Cloudflare D1 (SQLite at the edge)
- Object Storage: Cloudflare R2 (S3-compatible)
- Vectors: Cloudflare Vectorize (for AutoRAG)
- Key-Value: Cloudflare KV (for sessions and caching)
Encryption
- In Transit: TLS 1.3 for all connections
- At Rest: AES-256 encryption for stored data
- API Keys: Hashed and encrypted before storage
- Passwords: Bcrypt hashing (never stored in plaintext)
Compliance
- SOC 2 Type II audit in progress (expected Q1 2026)
- GDPR compliant data processing
- CCPA compliant for California residents
- Regular security audits and penetration testing
4. Data Retention
We retain data only as long as necessary:
- Account Data: Until you delete your account
- API Logs: 90 days for debugging and billing
- Usage Analytics: 12 months in aggregated form
- Billing Records: 7 years (legal requirement)
- AutoRAG Documents: Until you delete them or close your account
After retention periods expire, data is automatically and permanently deleted.
5. Your Rights
You have the following rights regarding your data:
Access
Request a copy of all data we hold about you. We'll provide it in a machine-readable format within 30 days.
Correction
Update or correct your account information anytime through the dashboard.
Deletion
Delete your account and all associated data anytime. This action is irreversible.
Export
Download your data (documents, configurations, usage history) in JSON format.
Opt-Out
Opt out of marketing emails (service emails are required for account operation).
6. Third-Party Services
Neureus integrates with third-party AI providers:
- OpenAI: GPT models (subject to OpenAI's privacy policy)
- Anthropic: Claude models (subject to Anthropic's privacy policy)
- Google: Gemini models (subject to Google's privacy policy)
- Meta: Llama models (processed on our infrastructure)
When you use cloud AI models, your prompts may be sent to these providers. We recommend reviewing their privacy policies. Edge models (Llama, Mistral, Gemma) are processed entirely on Cloudflare's network without third-party access.
7. Cookies and Tracking
We use minimal cookies for:
- Authentication: Session cookies (httpOnly, secure)
- Analytics: Cloudflare Web Analytics (privacy-first, no personal data)
- Preferences: Dark mode, language settings (localStorage)
We DO NOT use:
- Google Analytics or similar tracking services
- Third-party advertising cookies
- Social media tracking pixels
- Cross-site tracking or fingerprinting
See our Cookies Policy for details.
8. International Data Transfers
Neureus operates globally on Cloudflare's edge network (300+ locations). Your data may be processed in any of these locations to provide optimal performance.
For EU residents: Data transfers comply with GDPR through Cloudflare's Standard Contractual Clauses (SCCs). Data processed in the EU remains in the EU when possible.
9. Children's Privacy
Neureus is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has created an account, contact us immediately and we'll delete it.
10. Changes to This Policy
We may update this policy to reflect:
- New features or services
- Legal or regulatory requirements
- Security improvements
- Community feedback
When we make material changes, we'll notify you via:
- Email to your registered address
- Dashboard notification
- Banner on this website
Continued use after changes constitutes acceptance of the updated policy.
11. Contact Us
For privacy questions, data requests, or concerns:
For general inquiries, visit our Contact page.
Questions about privacy?
We're committed to transparency. Reach out anytime.